Although the decentralized approach to handling cryptocurrency wallets has been lauded by users and crypto dealers alike, letting users control their own private keys sometimes proves to be quite a risk. Ironically, this has happened twice in the same year with MyEtherWallet, a third-party crypto wallet service built on the private key system. That system has proven risky for the company, as it exposes it to fund mismanagement and loss on a user-to-user basis.
Reportedly, for the second time in 2018, the well-known cryptocurrency management platform MyEtherWallet (MEW) has suffered a security breach. The company is very famous for providing cryptocurrency storage wallets and facilitating the sending and receiving of tokens between wallets.
The cause of this security breach has been identified as Hola, a commonly used VPN service with over 50 million users, which was compromised for five hours. When the company noticed the issue with the VPN, it immediately told its users to stop using Hola to prevent their crypto from being stolen. Since MEW itself wasn’t compromised, regular users of the service were unaffected by the breach.
Information about the malicious attack on the Hola VPN service was shared with MEW users through Twitter. The Tweet explained that, since Hola had been hacked for five hours, it was possible for hackers to monitor the activities of some MEW users via the extension. The Tweet read:
“Urgent! If you have Hola chrome extension installed and used MEW within the last 24 hrs, please transfer your funds immediately to a brand new account!
We received a report that suggests Hola chrome extension was hacked for approximately 5 hrs and the attack was logging your activity on MEW.”
— MyEtherWallet | MEW (@myetherwallet) July 10, 2018
The company advised users who access MEW via the Hola extension to immediately transfer their crypto funds to a secure wallet in order to mitigate the threat. Hola also released a report to share its side of the story, which read:
“Yesterday our deployment team discovered that the Hola Chrome extension which was live for a few hours was not the one that our development team uploaded to the Chrome Store. After an initial investigation, we found that our Google Chrome Store account was compromised and that a hacker uploaded a modified version of the extension to the store.”
Later on, the company took down the fraudulent version and re-secured the Chrome Store account. Further investigation revealed that MEW users were the main targets of the cyber-attack, which consisted of injected JavaScript that hackers used to phish MEW wallet information by redirecting users to a fake MEW website. Hola contacted Google and MEW to ensure that the cloned website stays inaccessible.
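The check Hola's deployment team describes, comparing the extension that is live in the store with the one the development team uploaded, can be automated as a release-drift test. The following is an added example, not Hola's or MEW's code; it assumes both packages are available as plain zip archives, and the sample file names and contents are constructed.

```python
import io
import json
import zipfile


def unpack(package: bytes) -> dict:
    """Return {path: contents} for a zipped extension package."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return {i.filename: zf.read(i) for i in zf.infolist() if not i.is_dir()}


def scope(files: dict) -> set:
    """Permissions plus content-script match patterns declared in manifest.json."""
    manifest = json.loads(files["manifest.json"])
    found = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    for script in manifest.get("content_scripts", []):
        found.update(script.get("matches", []))
    return found


def release_drift(built: bytes, published: bytes) -> dict:
    """Diff the package the team built against the one the store serves."""
    a, b = unpack(built), unpack(published)
    return {
        "added": sorted(set(b) - set(a)),
        "removed": sorted(set(a) - set(b)),
        "modified": sorted(f for f in set(a) & set(b) if a[f] != b[f]),
        "new_scope": sorted(scope(b) - scope(a)),
    }


def make_package(files: dict) -> bytes:
    """Zip constructed sample files in memory (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples; file names and contents are illustrative, not Hola's.
BUILT = make_package({
    "manifest.json": json.dumps({"permissions": ["storage"]}),
    "background.js": "console.log('release build');",
})
PUBLISHED = make_package({
    "manifest.json": json.dumps({"permissions": ["storage", "tabs"]}),
    "background.js": "console.log('release build'); /* altered */",
    "extra.js": "/* not present in the build */",
})
```

Any non-empty field in the result means the published package is not the one that was built, which is the condition Hola's team found by hand.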
It is reported that the attack originated from a Russian IP address. However, there is currently no clear information about the number of users who fell prey to the attack. A user on Reddit posted about losing 6000 VEN, approx. $12,000, due to the recent attack. In response, MEW stated that anyone who accessed a MEW wallet using the compromised VPN during the time when Hola was compromised might be affected.
Furthermore, MEW also stated that it takes a keen interest in ensuring the security of user accounts.
“The safety and security of MEW users is our priority. We’d like to remind our users that we do not hold their personal data, including passwords so they can be assured that the hackers would not get their hands on that information if they have not interacted with the Hola chrome extension in the past day.”